Cold Storage Options for MAID in 2017?

Well hey I mean any BTC hardware wallet will do this just fine. There’s many

1 Like

thanks for help!!!

It would be easy to brute force if the pass phrase is not strong.

edit: did you mean brute force the 24 words if all you have is the pass phrase? That’d be impossible. Brute forcing the pass phrase when you have the 24 words depends on the strength of the pass phrase

Is it safe to keep maidsafecoin in omniwallet? Is there any risk I can lose my coins? Because I keep my coins in omni and just wondering if I’m safe or not?

The only ‘safe’ way to store really is an offline/paper key. If you have 2FA turned on and it isn’t a huge amount of money then I wouldn’t worry too much. If it is a large sum (relative to you) then I would keep your private key on paper only. If it is a really large sum then I would suggest making sure you ‘air-gap’ it too (create your key pairings offline, there are a few ways to do that).

You can store your public key as ‘address only’ in omni, so you can see your balance there for reference, but private keys really shouldn’t be stored online imo. No counterparty risk means a lot more responsibility for the token owner.

1 Like

thanks for help!!!

Is it possible if omni could get off and I lose my coins? Could someone steal them if they don’t have my private key?

If you don’t have 2FA turned on then you should be a bit worried. I have heard of a couple of people getting their omni wallets hacked (in both cases they did not have 2FA turned on).

You are not safe while you rely on someone else. You have to own and control your private keys yourself, and the best way to make sure no one else can get hold of them is to store them securely offline.

If you entrust your security to someone else - whether that be a wallet or exchange or whoever - then you have good reason to worry imo.

2 Likes

Please, for this post, consider ‘password’ and ‘passphrase’ to be the same thing… Also, consider that I’ve frunk yoo much alcohol, so there may be mistakes :sweat_smile:

The password needs to be a strong one. It needs to be far stronger than your typical password for website logins. A well implemented website login protocol will limit the rate at which password guesses can be made by an attacker. It will also not keep users’ passwords in a database, in case of theft (they could store a salted and hashed version of the user’s password).

If someone gained access to your Trezor’s 24 word seed they could guess at your additional password at a rate only limited by their hardware capabilities. This is many, many orders of magnitude faster than the rate at which they can guess for a good website login.

The password you choose for your Trezor (in the situation you describe) needs to be strong enough to withstand an unimpeded brute force attack. I’d suggest that it’s going to be so long that it will be inconvenient for you to enter it. This is unfortunately the price you pay for security (convenience vs security). The level of inconvenience you’ll have to suffer largely depends upon the way Trezor have implemented their password function.

I’m afraid I’m not familiar enough with the Trezor to know how it handles passwords. The Ledger Nano S gives the opportunity to save a password protected wallet, which is further protected by a PIN. Three incorrect PIN guesses resets the whole device. Can you do this with the Trezor? Regardless, this is only a convenience issue…

In order to determine how strong a password is, there are three important factors:

  1. The character set. This is the number of different characters which can be used in the password. Typically, these characters can be letters (upper or lower case), numbers, or special characters.

  2. The length of the password. The longer the better.

  3. The randomness. The more random the better… SERIOUSLY! (Humans don’t do things randomly nearly so well as computers, but they often think that they do).

To work out the number of ‘bits of entropy’ in a RANDOM password, take the number of characters in the character set and put it to the power of the length of the password. In other words, multiply the length of the character set by itself, as many times as there are characters in the password. Can someone do a formula, because I can’t be bothered? :exploding_head:

As a yardstick you could consider that a bitcoin private key usually has 256 bits of entropy (2^256). Do you want your password to be as strong as a bitcoin private key? I don’t know the character set for a Trezor. If, for example, there are 64 available characters, your password (if it’s random) should be about 43 characters long. I was thinking that 64 is 2^6 and 256/6 is 42.666…

(If you tell me how many different characters are allowed in a Trezor password, I can tell you how long to make the RANDOM password, if you want it to be as secure as a ‘normal’ bitcoin private key)

1 Like

I dunno about the Trezor’s functionality, but I am checking out a h/w password storer and it uses a “pin” to unlock it while in use. Now if the PIN is entered wrong 3 times in a row then it zaps its encrypted store of p/ws.

I would expect the Trezor to be similar – Is it? Does it lock up after “X” number of invalid attempts?

This is a very useful feature and I don’t know if it’s offered by the Trezor. The question was asking about a scenario in which the 24 word Trezor seed is already ‘owned’ though. In this case the password guesses can be attempted without the device being present because it’s deterministic and open source. All it boils down to really is the number of possible password combinations and the speed with which guesses can be made while resultant addresses are checked for…

…I think…

True, if and only if the Trezor doesn’t bomb when you enter “x” number of invalid passwords in a row.

EDIT: Forget what I said, see post below

No, you don’t need the hardware wallet for this. If your hardware wallet breaks, you can import your seed (& passphrase) into Mycelium for example. So similarly, if you had someone’s seed words and were trying to brute force the passphrase (i.e. 25th word), you just need some BIP39 software on the PC. The bottleneck is looking up the balance of addresses, as every passphrase is valid AFAIK, but just generates different addresses. This is complicated by the wallets being capable of supporting multiple coins, so you need to do this for every coin unless you know what you’re looking for. Also, the seeds/passphrases generate HD wallets, so you’d have to decide as an attacker how long to go down the list of derived addresses for that seed/passphrase before giving up and moving on to the next passphrase attempt.

2 Likes
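An added example, not part of any post in this thread, covering both the password-entropy post and the post above on why a BIP39 passphrase is only as strong as its entropy once the seed words are known. It uses BIP39's published seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds) and computes bits as length × log2(character-set size); the function names are hypothetical, `TEST_MNEMONIC` is the public BIP39 test mnemonic, and the 1e9 guesses/s rate is an assumed figure.

```python
import hashlib
import math
import time
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy), not a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"

def _nfkd(s):
    return unicodedata.normalize("NFKD", s).encode("utf-8")

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, 64)

def entropy_bits(charset_size, length):
    """Entropy of a uniformly random password: length * log2(charset_size)."""
    return length * math.log2(charset_size)

def length_for_bits(charset_size, target_bits):
    """Shortest random password that reaches target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))

def seconds_per_guess(samples=20):
    """Measured cost of deriving one candidate seed on this machine (KDF only)."""
    start = time.perf_counter()
    for i in range(samples):
        bip39_seed(TEST_MNEMONIC, f"sample-{i}")
    return (time.perf_counter() - start) / samples

def years_to_exhaust(bits, guesses_per_second):
    """Time to cover a 2**bits search space at the given rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # No passphrase is ever "wrong": each yields a different 64-byte seed.
    for p in ("", "a", "b"):
        print(repr(p), bip39_seed(TEST_MNEMONIC, p).hex()[:16])
    print(f"this CPU, one thread: ~{1 / seconds_per_guess():.0f} seeds/s")
    assumed_rate = 1e9  # assumed offline guessing rate, illustration only
    for charset, length in ((26, 8), (64, 12), (64, 22), (64, 43)):
        bits = entropy_bits(charset, length)
        print(f"{length} chars from {charset}: {bits:.0f} bits, "
              f"{years_to_exhaust(bits, assumed_rate):.3g} years at 1e9/s")
    print("64-char set, 256 bits:", length_for_bits(64, 256), "chars")
```

The measured rate covers only the key-derivation step; the address derivation and balance lookups mentioned in the post come on top of it.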

No, it doesn’t lock up, but each time you enter a wrong PIN, the wait time increases by a power of 2. See this FAQ on brute forcing the Trezor PIN.

4 Likes

@mav interesting point regarding simplicity vs. complexity.

I have several forms of coin currently on Bittrex, and am desiring to hold them long-term as investments.

What is the simplest and easiest way for a novice like myself to store these various coins in cold storage so that I can easily retrieve them in the future and ‘cash out’ if need be?

Thanks.

Best combination of security and simplicity is hardware wallets

1 Like

Does anyone know if the Ledger Blue can hold MAID?

According to their support page, they don’t support it natively.

I don’t think any of them support Omni, but they can be used as cold storage. Take a look at @Runswick’s writeup here: Cold Storage Options for MAID in 2017? - #35 by Runswick

Just a note in this thread to highlight that Omni are working on TREZOR support:

Progress can be followed in their weekly blog updates.

4 Likes